When your Java program attempts to connect to a server that has an invalid or self signed certificate, such as an application server in a development environment, you may get the following exception:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
To make your Java runtime environment trust the certificate, you need to import it into the JRE certificate store.
Browse to your application server using SSL. Your browser will tell you that the certificate isn't trusted and allow you to trust it, thereby placing it in the browser certificate store.
Your browser will have some kind of certificate manager that allows you to export or back up specific certificates to binary files. Find the certificate presented by the server and export it as a binary DER file.
Make sure you have write access to your JRE and use the keytool utility to import it:
keytool -import -alias alias -keystore path-to-jre/lib/security/cacerts -file path-to-certificate-file
Example:
keytool -import -alias sunas -keystore /opt/jdk1.6/jre/lib/security/cacerts -file /home/gugrim/tmp/sunas.der
You will be prompted for the keystore password, which is by default changeit.
That's it!
Comments
Post new comment